Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· Superior Crude Gathering Inc., agreed October 29 to pay $1.6 million in penalties to settle alleged violations of the Clean Water Act stemming from a 92,400 gallon crude oil spill from tanks at the company’s oil storage facility in Ingleside, Texas, into an unnamed lake and wetlands in 2010. – U.S. Environmental Protection Agency

1. October 29, U.S. Environmental Protection Agency – (Texas) Texas company to pay $1.6M for oil spill violations. The U.S. Environmental Protection Agency and the U.S. Department of Justice reached a settlement with Texas-based Superior Crude Gathering Inc., (Superior Crude) October 29 for alleged violations of the Clean Water Act stemming from a 92,400 gallon crude oil spill from tanks at the company’s oil storage facility in Ingleside into an unnamed lake and wetlands in 2010. Superior Crude will pay a $1.6 million civil penalty. Source: http://yosemite.epa.gov/OPA/ADMPRESS.NSF/d0cf6618525a9efb85257359003fb69d/0bcc7b168f89d77f85257d8000674455

· Developers warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised and advised admins to restore their sites. – The Register See item 24 below in the Information Technology Sector

· The Chickamauga Lock was shut down and traffic on the Tennessee River stalled near Chattanooga, Tennessee, after the U.S. Army Corps of Engineers discovered an upper gate anchorage issue during a routine inspection October 27. – WBIR 10 Knoxville

35. October 28, WBIR 10 Knoxville – (Tennessee) Chickamauga Lock closed for repairs. The Chickamauga Lock was shut down and traffic on the Tennessee River stalled near Chattanooga after the U.S. Army Corps of Engineers discovered an upper gate anchorage issue during a routine inspection October 27 that requires immediate repair. The closure is expected to last approximately 3 weeks. Source: http://www.wbir.com/story/news/local/2014/10/28/chickaumaga-lock-closed-for-repairs/18064139/

Financial Services Sector

3. October 29, Reuters – (Illinois; Indiana) Twenty-nine charged in Chicago with ‘cracking cards’ bank fraud scheme. Prosecutors filed federal and State charges against 29 people in the Chicago area and in Hammond, Illinois, for allegedly running a bank fraud scheme that recruited individuals to hand over debit cards and then cash fraudulent checks to the accounts, causing bank losses of more than $1.7 million. Source: https://news.yahoo.com/twenty-nine-charged-chicago-cracking-cards-bank-fraud-181808332.html

For another story, see item 33 below from the Commercial Facilities Sector

33. October 30, Softpedia – (International) Mobile payment app contender CurrentC sees testers’ details stolen. Merchant Customer Exchange (MCX) notified adopters of CurrentC, a mobile payment app currently hosted in a trial phase, of an intrusion that revealed the email addresses of those with accounts for the testing program. The company reported that it is investigating and believes the intrusion was a result of a third-party vulnerability. Source: http://news.softpedia.com/news/Mobile-Payment-App-Contender-CurrentC-Sees-Testers-Details-Stolen-463568.shtml

Information Technology Sector

24. October 30, The Register – (International) Drupalocalypse! Devs say it’s best to assume your CMS is owned. The developers of the Drupal content management system (CMS) warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised due to the simplicity of the vulnerability and how quickly it was leveraged by attackers. The developers advised affected admins to restore their sites from backup since applying the patch would only close the vulnerability to future use, not remove any malware already in place. Source: http://www.theregister.co.uk/2014/10/30/drupal_sites_considered_hosed_if_sqli_hole_unclosed/

25. October 30, Threatpost – (International) Popular Science website infected, serving malware. Researchers from Websense Security Lab discovered and reported that the Web site of Popular Science magazine was compromised and injected with a malicious iFrame that redirects users to a site hosting the RIG Exploit Kit. Source: http://threatpost.com/popular-science-website-infected-serving-malware/109089

26. October 30, Securityweek – (International) “AirHopper” malware uses radio signals to steal data from isolated computers. Researchers at the Ben Gurion University created a proof-of-concept malware dubbed AirHopper that was used to demonstrate a data exfiltration attack against air gapped systems using radio signals produced by the target system’s graphics card. The attack requires adding the malware to the target system and installing malicious code onto a nearby mobile device in order to set up the channel for transmitting the data sent from the target system. Source: http://www.securityweek.com/airhopper-malware-uses-radio-signals-steal-data-isolated-computers

28. October 29, Securityweek – (International) ICS-CERT warns of ongoing attack campaign targeting industrial control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning about an ongoing attack campaign targeting human machine interface (HMI) products used in industrial control systems including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC products. The campaign uses a variant of the BlackEnergy malware and shares the same command and control infrastructure as the Sandworm campaign team. Source: http://www.securityweek.com/ics-cert-warns-ongoing-attack-campaign-targeting-industrial-control-systems

29. October 29, Securityweek – (International) Microsoft releases Fix It tool to disable SSL 3.0 in IE to muzzle Poodle attack. Microsoft released a Fix It tool that allows users to disable SSL 3.0 in all supported versions of Internet Explorer, closing the vulnerability used in the POODLE attack. The company also announced that it will disable SSL 3.0 and fallback to SSL 3.0 by default in its products in the months ahead. Source: http://www.securityweek.com/microsoft-releases-fix-it-tool-disable-ssl-30-ie-muzzle-poodle-attack

For another story, see item 33 above, from the Commercial Facilities Sector

· Federal authorities charged 28 people, including a former TCF Bank branch supervisor and former Central Bank teller in Minnesota, for allegedly running a bank fraud scheme that used around 1,500 counterfeit checks to steal or attempt to steal over $2 million from banks in several States. – Minneapolis Star Tribune See item 8 below in the Financial Services Sector

· Two Philadelphia, Pennsylvania men were charged by federal authorities for allegedly conspiring to extort victims out of more than $5.8 million by threatening them into paying money onto MoneyPak prepaid debit cards, which the two men allegedly transferred to Green Dot Cards under their control. – Newark Star-Ledger See item 9 below in the Financial Services Sector

· Comcast agreed to pay $16.7 million to subscribers in Philadelphia, Pennsylvania, and nearby counties and offer up to $33.33 million in services in a settlement for allegedly overcharging subscribers between 2003 and 2008. – Reuters See item 22 below in the Communications Sector

Financial Services Sector

8. October 29, Minneapolis Star Tribune – (National) Minnesota bank supervisor, teller among 28 charged in massive check fraud, says U.S. attorney. Federal authorities charged 28 people, including a former TCF Bank branch supervisor and former Central Bank teller in Minnesota, for allegedly running a bank fraud scheme that used around 1,500 counterfeit checks to steal or attempt to steal over $2 million from banks in several States. Arrests were made in connection with the charges in Florida, Minnesota, North Dakota, and Oregon. Source: http://www.startribune.com/local/280683322.html

21. October 29, Securityweek – (International) Vulnerability found in firmware update process of ASUS routers. A researcher identified and reported a vulnerability in ASUS RT-series routers that could have allowed attackers to use a man-in-the-middle (MitM) attack to trick users into downloading older, vulnerable firmware versions or potentially malicious code due to the firmware request being sent in HTTP instead of HTTPS. ASUS closed the vulnerability in its 3.0.0.4.367.1123 update. Source: http://www.securityweek.com/vulnerability-found-firmware-update-process-asus-routers

23. October 28, Eureka Times-Standard – (California) Phone, Internet service restored; no explanation yet on outages. Cellphone and Internet service for many Humboldt County residents and businesses was disrupted for most of the day October 27 due to a fiber issue that also affected the U.S. Coast Guard Sector Humboldt Bay Command Center’s and Arcata Police Department’s communication systems. The source of the outage remains unknown and it is not immediately clear how many customers were affected. Source: http://www.times-standard.com/News/ci_26820315/Phone-Internet-service-restored;-no-explanation-yet-on-outages

24. October 28, Los Angeles Times – (National) FTC sues AT&T over unlimited data plans. The Federal Trade Commission sued AT&T Inc. October 28 for allegedly misleading millions of wireless customers who had unlimited data plans by slowing the speed of their data usage if they exceeded a monthly threshold, a practice known as throttling, and for failing to adequately notify impacted customers. Source: http://www.latimes.com/business/la-fi-ftc-att-suit-20141029-story.html

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"